A Framework for the Evaluation of Collaborative Intrusion Detection

Abstract

Since IT systems have gained in importance for almost every kind of business over the last decades, the number of threats these systems face has also increased continuously. Companies, as well as other institutions such as governments or universities, therefore need to protect their IT infrastructure against illegitimate access, and intrusion detection systems are employed for the early detection of such attacks. Nowadays, these systems are usually realized in a distributed manner, which allows for better detection accuracy and the ability to detect certain types of attacks that single entities cannot detect at all. Such systems consist of several nodes distributed within the network that collaborate with each other. However, the development and evaluation of such systems relies on substantial analyses, which are often based upon the results of network simulations. Since new developments in this area are usually based upon collaborative approaches, a network simulator that provides functionality for organizing the different intrusion detection nodes in groups would be helpful, as it would allow the user to concentrate on the development of the actual detection approach. Such a simulator does not exist at the moment. The following work proposes a concept for the LSM++ framework, which builds upon an existing network simulator and extends it, on the one hand, by functionality for organizing the network nodes in collaboration groups and, on the other hand, by the ability to handle huge networks efficiently. The latter is achieved by raising the abstraction level for the majority of the nodes present in the network. The framework is designed so that the procedures for group organization or the communication scheme can easily be exchanged.

@MASTERSTHESIS{Grunewald2010,
author = {Grunewald, Dennis},
title = {A Framework for the Evaluation of Intrusion Detection},
school = {Technische Universit{\"a}t Berlin},
year = {2010},
address = {Berlin, Germany},
month = {11},
abstract = {Since in the last decades IT systems have gained in importance for almost every kind
of business, the number of threats these systems are facing increased continuously, too.
Hence, companies as well as other institutions like governments or universities, need
to protect their IT infrastructure against illegitimate access. Hence, intrusion detection
systems are utilized for early detection of these attacks. Nowadays, these systems are
usually realized in a distributed manner, allowing for better detection accuracy and the
ability to detect certain types of attacks, that single entities cannot detect at all. These
systems consist of several nodes distributed within the network and collaborating with
each other.
Though, the development and evaluation of such systems relies on substantial analyses.
These are often based upon the result of network simulations.
Since new developments in this area are usually based upon collaborative approaches,
a network simulator would be helpful that provides functionality for organizing the different
intrusion detection nodes in groups, which allows the user to concentrate on the
development of the actual detection approach. Such a simulator does not exist at the
moment.
The following work proposes a concept for the LSM++ framework that builds upon
an existing network simulator and extends it by functionality for organization of the
network nodes in collaboration groups on the one hand, and by the ability to handle
huge networks quite efficiently on the other hand. The latter is achieved by raising the
abstraction level for the majority of the nodes present in the network. The framework is
designed in a way that allows for easy exchange of the procedures for group organization
or the communication scheme.},
owner = {grunewald},
timestamp = {2011.03.17}
}
Author: Dennis Grunewald
Category: Diploma Thesis
Year: 2010
Location: Berlin, Germany